News is quickly spreading across the Internet of another potential security threat to Android devices.

The BBC covered it by saying:

"A "master key" that could give cyber-thieves unfettered access to almost any Android phone has been discovered by security research firm BlueBox.

The bug could be exploited to let an attacker do what they want to a phone including stealing data, eavesdropping or using it to send junk messages.

The loophole has been present in every version of the Android operating system released since 2009.

Google said it currently had no comment to make on BlueBox's discovery."

The Huffington Post went on to report that...

"The method demonstrated by Bluebox would let app developers modify an update to a legitimate app to look like a system file, which can then be used to take control of a phone. With the right signature disguising its real motives, the update could log passwords, credit card information, photos, emails - essentially anything on your mobile device.

"The implications are huge," Bluebox explains on its website.

"Depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet."

Meanwhile, Ars Technica have also covered the story...

While it would be devastating if an attacker was able to get such a modified APK into the Google Play Store, or somehow use the technique to hijack the update mechanism of legitimate apps, there are probably safeguards already in place to prevent such attacks.

"I imagine that Google would move quickly to add some logic to look for such attacks," Dan Wallach, a professor specializing in Android security in the computer science department of Rice University, told Ars. "Without that available to an attacker, this is likely to only be relevant for Android users who use third-party app stores (which have lots of other problems). This bug could also be valuable for users trying to 'root' their phones."

My mother-in-law runs some credit unions and their security personnel instructed everyone to delete the flashlight app.
She is tech savvy when it comes to typewriters, so I just laughed at the info.
I honestly haven't read up on any threats, but this stuff sounds real.
Wtf?

Developer

I wouldn't worry too much about this. This is kind of a perfect storm scenario. All the planets would have to be perfectly aligned for something like that to take place. Plus, in order for any real damage to be done before it was caught, it would have to hit on one of the big apps... Someone in the community would catch it before it spread too far. Another case of a news organization reporting on something to raise controversy and get "hits" to their site. Could it happen......? Yes, but again, too many things would have to be missed before it became a real threat.